Changeset 42062 for branches/4.3/tests/phpunit/tests/db.php
- Timestamp:
- 10/31/2017 12:48:20 PM (8 years ago)
- Location:
- branches/4.3
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
tests/phpunit/tests/db.php (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/4.3
- Property svn:mergeinfo changed
/trunk merged: 41662,42056
- Property svn:mergeinfo changed
-
branches/4.3/tests/phpunit/tests/db.php
r41502 r42062 270 270 global $wpdb; 271 271 $sql = $wpdb->prepare( "UPDATE test_table SET string_column = '%%f is a float, %%d is an int %d, %%s is a string', field = %s", 3, '4' ); 272 $this->assertContains( $wpdb->placeholder_escape(), $sql ); 273 274 $sql = $wpdb->remove_placeholder_escape( $sql ); 272 275 $this->assertEquals( "UPDATE test_table SET string_column = '%f is a float, %d is an int 3, %s is a string', field = '4'", $sql ); 273 276 } … … 374 377 } 375 378 376 377 379 function test_prepare_vsprintf() { 380 global $wpdb; 378 381 379 382 $prepared = $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s", array( 1, "admin" ) ); … … 392 395 $prepared = @$wpdb->prepare( "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s", array( array( 1 ), "admin" ) ); 393 396 $this->assertEquals( "SELECT * FROM $wpdb->users WHERE id = 0 AND user_login = 'admin'", $prepared ); 394 } 397 } 398 399 /** 400 * @ticket 42040 401 * @dataProvider data_prepare_incorrect_arg_count 402 * @expectedIncorrectUsage wpdb::prepare 403 */ 404 public function test_prepare_incorrect_arg_count( $query, $args, $expected ) { 405 global $wpdb; 406 407 // $query is the first argument to be passed to wpdb::prepare() 408 array_unshift( $args, $query ); 409 410 $prepared = @call_user_func_array( array( $wpdb, 'prepare' ), $args ); 411 $this->assertEquals( $expected, $prepared ); 412 } 413 414 public function data_prepare_incorrect_arg_count() { 415 global $wpdb; 416 417 return array( 418 array( 419 "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s", // Query 420 array( 1, "admin", "extra-arg" ), // ::prepare() args, to be passed via call_user_func_array 421 "SELECT * FROM $wpdb->users WHERE id = 1 AND user_login = 'admin'", // Expected output 422 ), 423 array( 424 "SELECT * FROM $wpdb->users WHERE id = %%%d AND user_login = %s", 425 array( 1 ), 426 false, 427 ), 428 array( 429 "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s", 430 array( array( 1, "admin", "extra-arg" ) ), 431 "SELECT * FROM $wpdb->users WHERE id = 1 AND user_login = 'admin'", 432 ), 433 array( 434 "SELECT * FROM $wpdb->users WHERE id = %d AND %% AND user_login = %s", 435 array( 1, "admin", "extra-arg" ), 436 "SELECT * FROM $wpdb->users WHERE id = 1 AND {$wpdb->placeholder_escape()} AND user_login = 'admin'", 437 ), 438 array( 439 "SELECT * FROM $wpdb->users WHERE id = %%%d AND %F AND %f AND user_login = %s", 440 array( 1, 2.3, "4.5", "admin", "extra-arg" ), 441 "SELECT * FROM $wpdb->users WHERE id = {$wpdb->placeholder_escape()}1 AND 2.300000 AND 4.500000 AND user_login = 'admin'", 442 ), 443 array( 444 "SELECT * FROM $wpdb->users WHERE id = %d AND user_login = %s", 445 array( array( 1 ), "admin", "extra-arg" ), 446 "SELECT * FROM $wpdb->users WHERE id = 0 AND user_login = 'admin'", 447 ), 448 array( 449 "SELECT * FROM $wpdb->users WHERE id = %d and user_nicename = %s and user_status = %d and user_login = %s", 450 array( 1, "admin", 0 ), 451 '', 452 ), 453 array( 454 "SELECT * FROM $wpdb->users WHERE id = %d and user_nicename = %s and user_status = %d and user_login = %s", 455 array( array( 1, "admin", 0 ) ), 456 '', 457 ), 458 array( 459 "SELECT * FROM $wpdb->users WHERE id = %d and %% and user_login = %s and user_status = %d and user_login = %s", 460 array( 1, "admin", "extra-arg" ), 461 '', 462 ), 463 ); 464 } 395 465 396 466 function test_db_version() { … … 850 920 851 921 /** 852 * 853 */ 854 function test_prepare_with_unescaped_percents() { 855 global $wpdb; 856 857 $sql = $wpdb->prepare( '%d %1$d %%% %', 1 ); 858 $this->assertEquals( '1 %1$d %% %', $sql ); 922 * @dataProvider data_prepare_with_placeholders 923 */ 924 function test_prepare_with_placeholders_and_individual_args( $sql, $values, $incorrect_usage, $expected) { 925 global $wpdb; 926 927 if ( $incorrect_usage ) { 928 $this->setExpectedIncorrectUsage( 'wpdb::prepare' ); 929 } 930 931 if ( ! is_array( $values ) ) { 932 $values = array( $values ); 933 } 934 935 array_unshift( $values, $sql ); 936 937 $sql = call_user_func_array( array( $wpdb, 'prepare' ), $values ); 938 $this->assertEquals( $expected, $sql ); 939 } 940 941 /** 942 * @dataProvider data_prepare_with_placeholders 943 */ 944 function test_prepare_with_placeholders_and_array_args( $sql, $values, $incorrect_usage, $expected) { 945 global $wpdb; 946 947 if ( $incorrect_usage ) { 948 $this->setExpectedIncorrectUsage( 'wpdb::prepare' ); 949 } 950 951 if ( ! is_array( $values ) ) { 952 $values = array( $values ); 953 } 954 955 $sql = call_user_func_array( array( $wpdb, 'prepare' ), array( $sql, $values ) ); 956 $this->assertEquals( $expected, $sql ); 957 } 958 959 function data_prepare_with_placeholders() { 960 global $wpdb; 961 962 return array( 963 array( 964 '%5s', // SQL to prepare 965 'foo', // Value to insert in the SQL 966 false, // Whether to expect an incorrect usage error or not 967 ' foo', // Expected output 968 ), 969 array( 970 '%1$d %%% % %%1$d%% %%%1$d%%', 971 1, 972 true, 973 "1 {$wpdb->placeholder_escape()}{$wpdb->placeholder_escape()} {$wpdb->placeholder_escape()} {$wpdb->placeholder_escape()}1\$d{$wpdb->placeholder_escape()} {$wpdb->placeholder_escape()}1{$wpdb->placeholder_escape()}", 974 ), 975 array( 976 '%-5s', 977 'foo', 978 false, 979 'foo ', 980 ), 981 array( 982 '%05s', 983 'foo', 984 false, 985 '00foo', 986 ), 987 array( 988 "%'#5s", 989 'foo', 990 false, 991 '##foo', 992 ), 993 array( 994 '%.3s', 995 'foobar', 996 false, 997 'foo', 998 ), 999 array( 1000 '%.3f', 1001 5.123456, 1002 false, 1003 '5.123', 1004 ), 1005 array( 1006 '%.3f', 1007 5.12, 1008 false, 1009 '5.120', 1010 ), 1011 array( 1012 '%s', 1013 ' %s ', 1014 false, 1015 "' {$wpdb->placeholder_escape()}s '", 1016 ), 1017 array( 1018 '%1$s', 1019 ' %s ', 1020 false, 1021 " {$wpdb->placeholder_escape()}s ", 1022 ), 1023 array( 1024 '%1$s', 1025 ' %1$s ', 1026 false, 1027 " {$wpdb->placeholder_escape()}1\$s ", 1028 ), 1029 array( 1030 '%d %1$d %%% %', 1031 1, 1032 true, 1033 "1 1 {$wpdb->placeholder_escape()}{$wpdb->placeholder_escape()} {$wpdb->placeholder_escape()}", 1034 ), 1035 array( 1036 '%d %2$s', 1037 array( 1, 'hello' ), 1038 false, 1039 "1 hello", 1040 ), 1041 array( 1042 "'%s'", 1043 'hello', 1044 false, 1045 "'hello'", 1046 ), 1047 array( 1048 '"%s"', 1049 'hello', 1050 false, 1051 "'hello'", 1052 ), 1053 array( 1054 "%s '%1\$s'", 1055 'hello', 1056 true, 1057 "'hello' 'hello'", 1058 ), 1059 array( 1060 "%s '%1\$s'", 1061 'hello', 1062 true, 1063 "'hello' 'hello'", 1064 ), 1065 array( 1066 '%s "%1$s"', 1067 'hello', 1068 true, 1069 "'hello' \"hello\"", 1070 ), 1071 array( 1072 "%%s %%'%1\$s'", 1073 'hello', 1074 false, 1075 "{$wpdb->placeholder_escape()}s {$wpdb->placeholder_escape()}'hello'", 1076 ), 1077 array( 1078 '%%s %%"%1$s"', 1079 'hello', 1080 false, 1081 "{$wpdb->placeholder_escape()}s {$wpdb->placeholder_escape()}\"hello\"", 1082 ), 1083 array( 1084 '%s', 1085 ' % s ', 1086 false, 1087 "' {$wpdb->placeholder_escape()} s '", 1088 ), 1089 array( 1090 '%%f %%"%1$f"', 1091 3, 1092 false, 1093 "{$wpdb->placeholder_escape()}f {$wpdb->placeholder_escape()}\"3.000000\"", 1094 ), 1095 array( 1096 'WHERE second=\'%2$s\' AND first=\'%1$s\'', 1097 array( 'first arg', 'second arg' ), 1098 false, 1099 "WHERE second='second arg' AND first='first arg'", 1100 ), 1101 array( 1102 'WHERE second=%2$d AND first=%1$d', 1103 array( 1, 2 ), 1104 false, 1105 "WHERE second=2 AND first=1", 1106 ), 1107 array( 1108 "'%'%%s", 1109 'hello', 1110 true, 1111 "'{$wpdb->placeholder_escape()}'{$wpdb->placeholder_escape()}s", 1112 ), 1113 array( 1114 "'%'%%s%s", 1115 'hello', 1116 false, 1117 "'{$wpdb->placeholder_escape()}'{$wpdb->placeholder_escape()}s'hello'", 1118 ), 1119 array( 1120 "'%'%%s %s", 1121 'hello', 1122 false, 1123 "'{$wpdb->placeholder_escape()}'{$wpdb->placeholder_escape()}s 'hello'", 1124 ), 1125 array( 1126 "'%-'#5s' '%'#-+-5s'", 1127 array( 'hello', 'foo' ), 1128 false, 1129 "'hello' 'foo##'", 1130 ), 1131 ); 1132 } 1133 1134 /** 1135 * @dataProvider data_escape_and_prepare 1136 */ 1137 function test_escape_and_prepare( $escape, $sql, $values, $incorrect_usage, $expected ) { 1138 global $wpdb; 1139 1140 if ( $incorrect_usage ) { 1141 $this->setExpectedIncorrectUsage( 'wpdb::prepare' ); 1142 } 1143 1144 $escape = esc_sql( $escape ); 1145 1146 $sql = str_replace( '{ESCAPE}', $escape, $sql ); 1147 1148 $actual = $wpdb->prepare( $sql, $values ); 1149 1150 $this->assertEquals( $expected, $actual ); 1151 } 1152 1153 function data_escape_and_prepare() { 1154 global $wpdb; 1155 return array( 1156 array( 1157 '%s', // String to pass through esc_url() 1158 ' {ESCAPE} ', // Query to insert the output of esc_url() into, replacing "{ESCAPE}" 1159 'foo', // Data to send to prepare() 1160 true, // Whether to expect an incorrect usage error or not 1161 " {$wpdb->placeholder_escape()}s ", // Expected output 1162 ), 1163 array( 1164 'foo%sbar', 1165 "SELECT * FROM bar WHERE foo='{ESCAPE}' OR baz=%s", 1166 array( ' SQLi -- -', 'pewpewpew' ), 1167 true, 1168 null, 1169 ), 1170 array( 1171 '%s', 1172 ' %s {ESCAPE} ', 1173 'foo', 1174 false, 1175 " 'foo' {$wpdb->placeholder_escape()}s ", 1176 ), 1177 ); 1178 } 1179 1180 /** 1181 * @expectedIncorrectUsage wpdb::prepare 1182 */ 1183 function test_double_prepare() { 1184 global $wpdb; 1185 1186 $part = $wpdb->prepare( ' AND meta_value = %s', ' %s ' ); 1187 $this->assertNotContains( '%s', $part ); 1188 $query = $wpdb->prepare( 'SELECT * FROM {$wpdb->postmeta} WHERE meta_key = %s $part', array( 'foo', 'bar' ) ); 1189 $this->assertNull( $query ); 1190 } 1191 1192 function test_prepare_numeric_placeholders_float_args() { 1193 global $wpdb; 1194 1195 $actual = $wpdb->prepare( 1196 'WHERE second=%2$f AND first=%1$f', 1197 1.1, 1198 2.2 1199 ); 1200 1201 /* Floats can be right padded, need to assert differently */ 1202 $this->assertContains( ' first=1.1', $actual ); 1203 $this->assertContains( ' second=2.2', $actual ); 1204 } 1205 1206 function test_prepare_numeric_placeholders_float_array() { 1207 global $wpdb; 1208 1209 $actual = $wpdb->prepare( 1210 'WHERE second=%2$f AND first=%1$f', 1211 array( 1.1, 2.2 ) 1212 ); 1213 1214 /* Floats can be right padded, need to assert differently */ 1215 $this->assertContains( ' first=1.1', $actual ); 1216 $this->assertContains( ' second=2.2', $actual ); 1217 } 1218 1219 function test_query_unescapes_placeholders() { 1220 global $wpdb; 1221 1222 $value = ' %s '; 1223 1224 $wpdb->query( "CREATE TABLE {$wpdb->prefix}test_placeholder( a VARCHAR(100) );" ); 1225 $sql = $wpdb->prepare( "INSERT INTO {$wpdb->prefix}test_placeholder VALUES(%s)", $value ); 1226 $wpdb->query( $sql ); 1227 1228 $actual = $wpdb->get_var( "SELECT a FROM {$wpdb->prefix}test_placeholder" ); 1229 1230 $wpdb->query( "DROP TABLE {$wpdb->prefix}test_placeholder" ); 1231 1232 $this->assertNotContains( '%s', $sql ); 1233 $this->assertEquals( $value, $actual ); 1234 } 1235 1236 function test_esc_sql_with_unsupported_placeholder_type() { 1237 global $wpdb; 1238 1239 $sql = $wpdb->prepare( ' %s %1$c ', 'foo' ); 1240 $sql = $wpdb->prepare( " $sql %s ", 'foo' ); 1241 1242 $this->assertEquals( " 'foo' {$wpdb->placeholder_escape()}1\$c 'foo' ", $sql ); 859 1243 } 860 1244 }
Note: See TracChangeset
for help on using the changeset viewer.